Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5538.NASLHistoryOct 28, 2023 - 12:00 a.m.
Debian DSA-5538-1 : thunderbird - security update
2023-10-2800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
debian 11
debian 12
thunderbird
multiple vulnerabilities
browser prompts
crashes
memory safety bugs
cve-2023-5721
cve-2023-5724
cve-2023-5725
cve-2023-5728
cve-2023-5730
cve-2023-5732
nessus scanner
self-reported version
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.9%
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5538 advisory.
-
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (CVE-2023-5721)
-
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
(CVE-2023-5724) -
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (CVE-2023-5725)
-
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (CVE-2023-5728)
-
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (CVE-2023-5730)
-
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (CVE-2023-5732)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5538. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(183997);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");
script_cve_id(
"CVE-2023-5721",
"CVE-2023-5724",
"CVE-2023-5725",
"CVE-2023-5728",
"CVE-2023-5730",
"CVE-2023-5732"
);
script_name(english:"Debian DSA-5538-1 : thunderbird - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5538 advisory.
- It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by
the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR <
115.4, and Thunderbird < 115.4.1. (CVE-2023-5721)
- Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led
to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
(CVE-2023-5724)
- A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be
leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4,
and Thunderbird < 115.4.1. (CVE-2023-5725)
- During garbage collection extra operations were performed on a object that should not be. This could have
led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and
Thunderbird < 115.4.1. (CVE-2023-5728)
- Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and
Thunderbird < 115.4.1. (CVE-2023-5730)
- An attacker could have created a malicious link using bidirectional characters to spoof the location in
the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and
Thunderbird < 115.4.1. (CVE-2023-5732)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/thunderbird");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5538");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5721");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5724");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5725");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5728");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5730");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5732");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/thunderbird");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/thunderbird");
script_set_attribute(attribute:"solution", value:
"Upgrade the thunderbird packages.
For the stable distribution (bookworm), these problems have been fixed in version 1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5730");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/31");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-mx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'thunderbird', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-af', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-en-ca', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-es-mx', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-lv', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-pa-in', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-th', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '11.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:115.4.1-1~deb11u1'},
{'release': '12.0', 'prefix': 'thunderbird', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-af', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-en-ca', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-es-mx', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-lv', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-pa-in', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-th', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:115.4.1-1~deb12u1'},
{'release': '12.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:115.4.1-1~deb12u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-l10n-af / thunderbird-l10n-all / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | thunderbird-l10n-pt-pt | p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt |
| debian | debian_linux | thunderbird-l10n-rm | p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm |
| debian | debian_linux | thunderbird-l10n-ro | p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro |
| debian | debian_linux | thunderbird-l10n-ru | p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru |
| debian | debian_linux | thunderbird-l10n-sk | p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk |
| debian | debian_linux | thunderbird-l10n-sl | p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl |
| debian | debian_linux | thunderbird-l10n-sq | p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq |
| debian | debian_linux | thunderbird-l10n-sr | p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr |
| debian | debian_linux | thunderbird-l10n-sv-se | p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se |
| debian | debian_linux | thunderbird-l10n-th | p-cpe:/a:debian:debian_linux:thunderbird-l10n-th |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5732
packages.debian.org/source/bookworm/thunderbird
packages.debian.org/source/bullseye/thunderbird
security-tracker.debian.org/tracker/CVE-2023-5721
security-tracker.debian.org/tracker/CVE-2023-5724
security-tracker.debian.org/tracker/CVE-2023-5725
security-tracker.debian.org/tracker/CVE-2023-5728
security-tracker.debian.org/tracker/CVE-2023-5730
security-tracker.debian.org/tracker/CVE-2023-5732
security-tracker.debian.org/tracker/source-package/thunderbird
www.debian.org/security/2023/dsa-5538
Related
osv
osv
firefox-esr - security update
2023-10-27 00:00:00
thunderbird - security update
2023-10-29 00:00:00
thunderbird vulnerabilities
2023-11-02 03:30:29
openvas
openvas
Debian: Security Advisory (DSA-5538-1)
2023-10-30 00:00:00
Mageia: Security Advisory (MGASA-2023-0308)
2023-11-07 00:00:00
Debian: Security Advisory (DLA-3637-1)
2023-10-30 00:00:00
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2023-11-07 02:08:32
Updated thunderbird packages fix security vulnerabilities
2023-11-07 02:08:32
debian
debian
[SECURITY] [DSA 5538-1] thunderbird security update
2023-10-28 12:34:11
[SECURITY] [DLA 3637-1] thunderbird security update
2023-10-29 09:05:55
[SECURITY] [DSA 5535-1] firefox-esr security update
2023-10-25 19:14:08
nessus
nessus
Debian DSA-5535-1 : firefox-esr - security update
2023-10-25 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Thunderbird vulnerabilities (USN-6468-1)
2023-11-02 00:00:00
Amazon Linux 2 : thunderbird (ALAS-2023-2334)
2023-11-15 00:00:00
amazon
amazon
Important: thunderbird
2023-11-09 19:19:00
redhat
redhat
(RHSA-2023:6191) Important: thunderbird security update
2023-10-30 16:35:50
(RHSA-2023:6189) Important: firefox security update
2023-10-30 16:33:08
(RHSA-2023:6196) Important: thunderbird security update
2023-10-30 16:39:37
rocky
rocky
firefox security update
2023-11-11 23:00:15
ubuntu
ubuntu
Thunderbird vulnerabilities
2023-11-02 00:00:00
Firefox vulnerabilities
2023-10-30 00:00:00
Firefox regressions
2023-11-14 00:00:00
oraclelinux
oraclelinux
firefox security update
2023-10-31 00:00:00
thunderbird security update
2023-10-31 00:00:00
thunderbird security update
2023-10-31 00:00:00
almalinux
almalinux
Important: thunderbird security update
2023-10-30 00:00:00
Important: firefox security update
2023-10-30 00:00:00
Important: thunderbird security update
2023-10-30 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2023-10-24 22:27:04
[slackware-security] mozilla-thunderbird
2023-10-26 20:00:50
kaspersky
kaspersky
KLA61569 Multiple vulnerabilities in Mozilla Firefox ESR
2023-10-24 00:00:00
KLA61570 Multiple vulnerabilities in Mozilla Thunderbird
2023-10-24 00:00:00
KLA61568 Multiple vulnerabilities in Mozilla Firefox
2023-10-24 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.4 — Mozilla
2023-10-24 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.4.1 — Mozilla
2023-10-24 00:00:00
Security Vulnerabilities fixed in Firefox 119 — Mozilla
2023-10-24 00:00:00
cve
cve
alpinelinux
alpinelinux
nvd
nvd
debiancve
debiancve
redhatcve
redhatcve
veracode
veracode
Open Redirect
2023-10-27 21:05:12
Denial Of Service (DoS)
2023-10-27 21:05:18
Insufficient Activation Delay
2023-10-27 21:05:24
prion
prion
Authorization
2023-10-25 18:17:00
Code injection
2023-10-25 18:17:00
Design/Logic Flaw
2023-10-25 18:17:00
ubuntucve
ubuntucve
cvelist
cvelist
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-02-19 00:00:00
ibm
ibm
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.9%
Related for DEBIAN_DSA-5538.NASL